On 9/5/2018 2:31 AM, Gilles Gravier wrote:
> It's the common example that I use to tell people that opensourcing
> software makes it more secure because the good guys have access to the
> source code at the same time as the bad guys, which gives them a fair
> chance to fix bugs before the bad guys use them.
Bash/Shellshock kinda proves that premise incorrect, although it's
pretty much the worst-case example, but still... ;)
I'm not sure it does. It proves that bugs aren't instantly found, true. It doesn't provide perfection, but does make it easier to find / fix bugs before the bad guys. How long would such a bug have languished it if were buried inside of DCL.B32 instead of being out in the open?
Warner